IN THE CLAIMS : 



1 . (Currently amended) A method, in an information handling system comprising a 
processor and a storage device, for improving the handling of personally identifiable 
information, said method comprising: 

generating, in the information handling system, an object model for representing 
relationships between active entities with regard to handling of personally identifiable 
information, wherein the active entities comprise a data subject, represented as a data 
subject object in the object model, and at least one data user, represented as at least one 
data user object in the object model, and wherein the data subject is an active entity that 
is identified by the personally identifiable information and the at least one data user is an 
active entity that uses the personally identifiable information obtained from the data 
subject; 

identifying, by the information handling system, parties involved in a process of 
handling personally identifiable information based on the object model, wherein the 
parties comprise the data subject and the at least one data user; 

identifying, by the information handling system, data involved in said process 
from a data model; 

classifying, by the information handling system, the data as personally identifiable 
information or non-personally identifiable information; 

expressing, by the information handling system, based on the object model, each 
relationship between each pair of said parties in terms of a privacy agreement, wherein 
the privacy agreement for each relationship between each pair of parties is a subset of a 
natural language privacy policy set, the subset being defined as specific to a particular 
situation or purpose and specific to the particular parties in the pair of parties; and 

representing, by the information handling system, said parties, said data, and said 
privacy agreements graphically as objects and associations between objects in one or 
more privacy agreement relationship diagrams; 

identifying opportunities to reduce privacy-related risks involved in said process 
based on the one or more privacy agreement relationship diagrams; and 
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identifying opportunities to transform data into a less sensitive form based on the 
one or more privacy agreement relationship diagrams, wherein the less sensitive form is 
one of a de-personalized form in which transformed data does not contain personally 
identifiable information that identifies the data subject but is able to be associated with 
the data subject using other data having personally identifiable information, or an 
anonymous form in which transformed data does not contain personally identifiable 
information that identifiers the data subject and is not able to be associated with the data 
subject, wherein: 



each privacy agreement uses a limited number of privacy-related actions 
concerning said personally identifiable information; and 

said privacy agreement expresses privacy rules regarding said privacy-related 
actions, for each party in a pair of parties with which the privacy agreement is associated. 

2. (Previously presented) The method of Claim 1 , further comprising mapping a 
business process to privacy rules of one or more privacy agreements for each pair of 
parties. 

3-5. (Canceled) 

6. (Currently amended) A system for improving the handling of personally 
identifiable information, said system comprising: 
a processor; and 

a memory coupled to the processor, wherein the memory comprises instructions 
which, when executed by the processor, cause the processor to: 

generate an object model for representing relationships between active entities 
with regard to handling of personally identifiable information, wherein the active entities 
comprise a data subject, represented as a data subject object in the object model, and at 
least one data user, represented as at least one data user object in the object model, and 
wherein the data subject is an active entity that is identified by the personally identifiable 
information and the at least one data user is an active entity that uses the personally 
identifiable information obtained from the data subject; 



Page 3 of 15 
Adler et al. - 09/884,296 



identify parties involved in a process of handling personally identifiable 
information based on the object model, wherein the parties comprise the data subject and 
the at least one data user; 

identify data involved in said process from a data model; 

classify the data as personally identifiable information or non-personally 
identifiable information; 

express, based on the object model, each relationship between each pair of said 
parties in terms of a privacy agreement, wherein the privacy agreement for each 
relationship between each pair of parties is a subset of a natural language privacy policy 
set, the subset being defined as specific to a particular situation or purpose and specific to 
the particular parties in the pair of parties; [[and]] 

represent said parties, said data, and said privacy agreements graphically as 
objects and associations between objects in one or more privacy agreement relationship 
diagrams; 

identify opportunities to reduce privacy-related risks involved in said process 
based on the one or more privacy agreement relationship diagrams; and 

identify opportunities to transform data into a less sensitive form based on the one 
or more privacy agreement relationship diagrams, wherein the less sensitive form is one 
of a de-personalized form in which transformed data does not contain personally 
identifiable information that identifies the data subject but is able to be associated with 
the data subject using other data having personally identifiable information, or an 
anonymous form in which transformed data does not contain personally identifiable 
information that identifiers the data subject and is not able to be associated with the data 
subject , wherein: 



each privacy agreement uses a limited number of privacy-related actions 
concerning said personally identifiable information; and 

said privacy agreement expresses privacy rules regarding said privacy-related 
actions, for each party in a pair of parties with which the privacy agreement is associated. 
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7. (Previously presented) The system of Claim 6, wherein the instructions further 
cause the processor to map a business process to privacy rules of one or more privacy 
agreements for each pair of parties. 

8-10. (Canceled) 

1 1 . (Currently amended) A computer-usable medium having computer-executable 
instructions for improving the handling of personally identifiable information, said 
computer-executable instructions, when executed by a computing device, cause the 
computing device to: 

generate an object model for representing relationships between active entities 
with regard to handling of personally identifiable information, wherein the active entities 
comprise a data subject, represented as a data subject object in the object model, and at 
least one data user, represented as at least one data user object in the object model, and 
wherein the data subject is an active entity that is identified by the personally identifiable 
information and the at least one data user is an active entity that uses the personally 
identifiable information obtained from the data subject; 

identify parties involved in a process of handling personally identifiable 
information based on the object model, wherein the parties comprise the data subject and 
the at least one data user; 

identify data involved in said process from a data model; 

classify the data as personally identifiable information or non-personally 
identifiable information; 

express, based on the object model, each relationship between each pair of said 
parties in terms of a privacy agreement, wherein the privacy agreement for each 
relationship between each pair of parties is a subset of a natural language privacy policy 
set, the subset being defined as specific to a particular situation or purpose and specific to 
the particular parties in the pair of parties; and 

represent said parties, said data, and said privacy agreements graphically as 
objects and associations between objects in one or more privacy agreement relationship 
diagrams; 
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identify opportunities to reduce privacy-related risks involved in said process 
based on the one or more privacy agreement relationship diagrams; and 

identify opportunities to transform data into a less sensitive form based on the one 
or more privacy agreement relationship diagrams, wherein the less sensitive form is one 
of a de-personalized form in which transformed data does not contain personally 
identifiable information that identifies the data subject but is able to be associated with 
the data subject using other data having personally identifiable information, or an 
anonymous form in which transformed data does not contain personally identifiable 
information that identifiers the data subject and is not able to be associated with the data 
subject , wherein: 



each privacy agreement uses a limited number of privacy-related actions 
concerning said personally identifiable information; and 

said privacy agreement expresses privacy rules regarding said privacy-related 
actions, for each party in a pair of parties with which the privacy agreement is associated. 

12. (Previously presented) The computer-useable medium of Claim 11, wherein the 
instructions further cause the computing device to map a business process to privacy 
rules of one or more privacy agreements for each pair of parties. 

13-20. (Canceled) 
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